码迷,mamicode.com
首页 > 数据库 > 详细

MySQL的授权

时间:2020-07-04 22:48:16      阅读:303      评论:0      收藏:0      [点我收藏+]

标签:说明   update   姓名   mysq   服务   表名   字段   mys   指定   

grant 授权

            什么是用户授权:在数据库服务器上添加新的连接用户,并设置权限和密码。
           

             为什么要用授权:如果没有授权用户,那么只能有root用户在本机登陆数据库,其它用户无法登陆。
                                        没有授权时,其它主机也无法访问数据库。

 

             指令格式:

                          mysql> grant  权限列表  on  库名  to  用户名@"客户端地址"  identified by "密码" ;

                         权限列表:

 

                                      all       所有权限
                                      usage  只能连接上数据库,没有任何权限
                                      select,update,inseret ...    个别权限,这个权限对所有字段有效
                                      select,update(字段1,字段2...)   只能对指定的字段有相应的权                     

                         库名:
                                      *.*              所有库所有表
                                     库名.*         一个库
                                     库名.表名   一张表

                        用户名:
                                      授权时可以自定义,要有标识性,容易记,可以名中看出用途存储在mysql库的user表里

                        客户端地址:
                                      % 表示互联网上的所有主机0
                                      192.168.4.% 网段内的所有主机
                                      192.168.4.1 1台主机
                                       localhost 数据库服务器本机

授权举例1:
       添加admin用户,允许从192.168.4.0/24网段连接,对db3库的user表有查询权限,密码为123456
mysql> grant  select on db3.user to admin@"192.168.4.%" identified by "123456";


授权举例2:
      添加admin2,允许从本机连接,允许以db3库的所有表有 查询,更新,插入删除记录权限,密码为123456
mysql> grant select ,insert,update,delete on db3.* to admin2@"localhost" identified  by "123456";

 

授权库

 

grant授权的信息是保存在授权库中的,mysql库记录了授权信息,主要的表如下:
                     user                 记录已有的授权用户及权限
                     db                    记录已有授权用户对数据库的访问权限
                     tables_priv      记录已有授权用户对表的访问权限
                     columns_priv  记录已有授权用户对字段的访问权限

一 查看当前columns_priv,tables_priv,db,user表中的授权用户

mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
Empty set (0.00 sec)                                #columns_priv表当前为空,说明当前数据库没有真对某些字段的授权  
   
mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+-----+------------+        #tables_priv表中只有系统默认的授权用户msyql.sys
| user      | host      | db  | table_name |
+-----------+-----------+-----+------------+
| mysql.sys | localhost | sys | sys_config |
+-----------+-----------+-----+------------+
mysql> select user,host,db from mysql.db;
+-----------+-----------+-----+                     #db表中也是系统默认授权用户mysql.sys
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
mysql> select user,host  from mysql.user;
+-----------+-----------+                           #user表中有系统默认用户mysql.sys和root
| user      | host      |
+-----------+-----------+
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+


二  添加真对school.student表中“学号”,“姓名”,“性别”这三个字段的授权用户col_user

mysql> grant select,update(学号,姓名,性别),insert on school.student to col_user@% identified by "123456";
mysql>  select user,host,db,table_name,column_name from mysql.columns_priv;
                                                   #在columns_priv表中查看授权用户,每条记录是一个授权字段
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 学号        |
| col_user | %    | school | student    | 性别        |
+----------+------+--------+------------+-------------+

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+    #在tables_priv表中也可以看到该用户对school.student表有访问权限
| user      | host      | db     | table_name |    #具体权限需要用show grants查看
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+

mysql> show grants for col_user@‘%‘;                 #通过show grants查看col_user对school.student的具体权限
+-----------------------------------------------------------------------------------------------+
| Grants for col_user@%                                                                         |
+-----------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘col_user‘@‘%‘                                                          |
| GRANT SELECT, INSERT, UPDATE (性别, 学号, 姓名) ON `school`.`student` TO ‘col_user‘@‘%‘         |
+-----------------------------------------------------------------------------------------------+

mysql> select user,host,db from mysql.db;
+-----------+-----------+-----+                     #db表中看不到该用户
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+

mysql> select user,host  from mysql.user;
+-----------+-----------+                           #在user表中可以看到该用户
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
mysql> 


三  添加授权用户tab_user1,tab_user2对表school.teacher,school.student的访问权限

mysql> grant all on school.teacher to tab_user1@% identified by "123456";
mysql> grant select on school.student to tab_user2@% identified by "123456";
mysql>  select user,host,db,table_name,column_name from mysql.columns_priv;
                                                    #colunm_priv表中授权记录的用户没有变化
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名         |
| col_user | %    | school | student    | 学号         |
| col_user | %    | school | student    | 性别         |
+----------+------+--------+------------+-------------+
                                                    #tables_priv表中可以看到tab_user1,tab_user2用户
mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
mysql> show grants for tab_user1@%;              #通过show grants可以看出tab_user1,tab_user2的具体授权权限
+---------------------------------------------------------------+
| Grants for tab_user1@%                                        |
+---------------------------------------------------------------+
| GRANT USAGE ON *.* TO tab_user1@%                         |
| GRANT ALL PRIVILEGES ON `school`.`teacher` TO tab_user1@% |
+---------------------------------------------------------------+
mysql> show grants for tab_user2@%;
+-------------------------------------------------------+
| Grants for tab_user2@%                                |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO tab_user2@%                 |
| GRANT SELECT ON `school`.`student` TO tab_user2@% |
+-------------------------------------------------------+
                                                   
mysql> select user,host,db from mysql.db;           #db表中没有变化
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+

mysql> select user,host  from mysql.user;           #user表中可以看到tab_user1,tab_user2
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
mysql> 


四 添加授权用户db_user1,db_user2用户对库school,school2的访问权限   
       
mysql> grant all on school.* to db_user1@% identified by "123456";
mysql> grant select on school2.* to db_user2@% identified by "123456";
mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
                                                   #只要没有对任意表中字段的授权,column_priv表不会有变化
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 学号        |
| col_user | %    | school | student    | 性别        |
+----------+------+--------+------------+-------------+

mysql> select user,host,db,table_name from mysql.tables_priv;
                                                   #添加了真对库的授权用户,没有对表的授权用户所以db表中也不会变化
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+

mysql> select user,host,db from mysql.db;         #db表中可以看到添加的授权用户
+-----------+-----------+---------+
| user      | host      | db      |
+-----------+-----------+---------+
| db_user1  | %         | school  |
| db_user2  | %         | school2 |
| mysql.sys | localhost | sys     |
+-----------+-----------+---------+

mysql> select user,host  from mysql.user;         #只要添加了授权用户user表中都会有记录
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| db_user1  | %         |
| db_user2  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
mysql> 



五  添加授权用户user对所有库和表有访问权限 

mysql> grant all on *.* to user@% identified by "123456";
mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名         |
| col_user | %    | school | student    | 学号         |
| col_user | %    | school | student    | 性别         |
+----------+------+--------+------------+-------------+
3 rows in set (0.00 sec)

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
4 rows in set (0.01 sec)

mysql> select user,host,db from mysql.db;
+-----------+-----------+---------+
| user      | host      | db      |
+-----------+-----------+---------+
| db_user1  | %         | school  |
| db_user2  | %         | school2 |
| mysql.sys | localhost | sys     |
+-----------+-----------+---------+
3 rows in set (0.00 sec)

mysql> select user,host  from mysql.user;        #只有在user表中可以看到use_user
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| db_user1  | %         |
| db_user2  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| use_user  | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
mysql>

 

MySQL的授权

标签:说明   update   姓名   mysq   服务   表名   字段   mys   指定   

原文地址:https://www.cnblogs.com/sven-pro/p/13234890.html
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!